Home

Full Text Search on certain fields

Many asset fields containing text allow you to use full text search. Quickly find data of interest, combining advanced search capabilities to better interpret your question.

How to Search - The Basics

Let's take a look at the search field asset.name. There are many ways you can search this field.

Show any findings related to the asset name

asset.name: Car Assembly

Show any findings that contain parts of the asset name

asset.name: “Car Assembly”

Show any findings that match the exact name ACMENVT7

asset.name: `ACMENVT7`

Show any findings that match the nested query. Both subfields must match in order for the vulnerability to be returned.

vulnerabilities.vulnerability.criticality:[`CRITICAL`,`HIGH`]

Additional Search Capabilities

In some cases, field values are split into tokens that can be searched individually. Let's consider some scenarios for searching field values with additional search capabilities.

1) Field value contains a comma (,) or period (.) between numbers

Example: asset ID field contains the value "7781808c-ad94-3201-bebc-9d480f906d36".

In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.

Matching:

asset.assetID:"7781808c"-ad94-3201-bebc-9d480f906d36

asset.assetID:"7781808c-ad94"

asset.assetID:"7781808c-ad94-3201"

Non-matching:

asset.assetID:"9d480f906d36"

asset.assetID: "bebc-9d480f906d36"

2) Field value contains a period (.) between text

Example: name field contains the value "qualys.corp.com."

In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.

Matching:

asset.name: "qual"

asset.name: "qualys.corp"

asset.name: "qualys.corp.com"

Non-matching:

asset.name: "corp"

asset.name: "com"

3) Field value contains a comma (,) or period (.) between a number and text

Example: name field contains the value "102354.qualys" or "qualys,25576.13".

The value "102354.qualys" is split into 2 tokens: "102354" and "qualys". Prefix search on each token is supported.

Matching:

asset.name: "1023"

asset.name: "qualy"

Non-matching:

asset.name: "354"

asset.name: "lys"

4) Field value contains special characters and line/paragraph separators

Value contains a comma (,) dash (-), semicolon (;), line separator, paragraph separator (space/tab), carriage return, line feed, brackets ( ( [ { } ] ) ) or other special characters (? @ $ % & / \)

Example: name field contains the value "qualys-corp"

The value "qualys-corp" is split into 2 tokens: "qualys" and "corp". Prefix search on each token is supported.

Matching:

asset.name: "qua"

asset.name: "cor"

Non-matching:

asset.name: "alys"

asset.name: "orp"

5) Field value contains a phrase with a space, tab or new line

Example: vulnerabilities.vulnerability.title field has value "OpenSSH Xauth Command Injection Vulnerability"

The value is split into 5 tokens: "OpenSSH", "Xauth", "Command", "Injection" and "Vulnerability". We will perform complete case insensitive matching on each token in your search string and perform a prefix match on the last token in your search string.

Matching:

vulnerabilities.vulnerability.title: "openssh xauth com"

The "openssh" and "xauth" tokens match completely and "com" matches the prefix search for "command".

vulnerabilities.vulnerability.title: "injection vuln"

The "injection" token matches completely and "vuln" matches the prefix search for "vulnerability".

vulnerabilities.vulnerability.title: "xauth command injection"

All 3 tokens "xauth", "command" and "injection" match completely.

Non-matching:

vulnerabilities.vulnerability.title: "open comm"

The "open" token is leading and it does not match completely so this search would not return a match.

vulnerabilities.vulnerability.title: "inject vuln"

The "inject" token is leading and it does not match completely so this search would not return a match.

vulnerabilities.vulnerability.title: "xauth command ssh"

The "ssh" token is the last token and it does not match completely nor does it match a prefix search.

Looking for something else?

Tell me about related findings

This actually broadens your search in many cases which can be helpful for finding what you're interested in. These searches can return more than what you might expect.

Analysis - The field value you enter is analyzed against an index of the field value on the platform. This index is created by removing punctuation, lowercase, expanding to synonyms and other logical matches.

Results - Searches of the field index will return results that may not match the casing or the exact words you enter, and results may include related terms or synonyms.

Not using backticks?

If you are not using backticks we'll strip punctuation (including quotes) and match the words in any order, case and in most cases prefix.

I want case sensitive matches

Be sure to use backticks within your search value if you want to find exact matches..


 

 

Was this topic helpful?

success Thank you! We're glad to hear that this topic was useful.
success We appreciate your feedback. We'll work to make this topic better for you in the future.